glvd logo
glvd logo
Garden Linux Vulnerability Database
CVE Description

"A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection."

Metadata

Vulnerability Status Published Date Modified Date Ingested Date
Awaiting Analysis 2026-04-06T16:16:42.140 2026-04-12T06:16:21.607 2026-04-12 06:16:21.607+00

CVSS Scores

CVSS Version Base Score DEB CVSS Severity Vector String
3.1 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Affected Linux Images

Distro Version Source Package Package Version Is Vulnerable Is fixed in Version
gardenlinux kvm-cilium-k3s-1435.0-4a8f67f4 tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1435.0-4a8f67f4 tar 1.35+dfsg-3 true
gardenlinux kvm-cg2epc-gardener-1435.0-4a8f67f4 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1435.0-4a8f67f4 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1435.0-4a8f67f4 tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1461.0-e82c34ca tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1461.0-e82c34ca tar 1.35+dfsg-3 true
gardenlinux kvm-cg2epc-gardener-1461.0-e82c34ca tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1461.0-e82c34ca tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1461.0-e82c34ca tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1504.0-6aac186b tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1504.0-6aac186b tar 1.35+dfsg-3 true
gardenlinux kvm-cg2epc-gardener-1504.0-6aac186b tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1504.0-6aac186b tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1504.0-6aac186b tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1510.0-0eb2d8b0 tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1510.0-0eb2d8b0 tar 1.35+dfsg-3 true
gardenlinux kvm-cg2epc-gardener-1510.0-0eb2d8b0 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1510.0-0eb2d8b0 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1510.0-0eb2d8b0 tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1569.0-5a8afbfa tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1569.0-5a8afbfa tar 1.35+dfsg-3 true
gardenlinux kvm-cg2epc-gardener-1569.0-5a8afbfa tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1569.0-5a8afbfa tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1569.0-5a8afbfa tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1605.0-490ed850 tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1605.0-490ed850 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-vhost-1605.0-490ed850 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-1605.0-490ed850 tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1721.0-9802b525 tar 1.35+dfsg-3 true
gardenlinux kvm-gardener-1721.0-9802b525 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-ucode-vhost-1721.0-9802b525 tar 1.35+dfsg-3 true
gardenlinux metal-cilium-k3s-osc-ucode-1721.0-9802b525 tar 1.35+dfsg-3 true
debian_linux 13 tar 1.35+dfsg-3.1 true
debian_linux 12 tar 1.34+dfsg-1.2+deb12u1 true
gardenlinux metal-cilium-k3s-osc-router-ucode-1721.0-9802b525 tar 1.35+dfsg-3 true
gardenlinux kvm-cilium-k3s-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
gardenlinux kvm-gardener-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
gardenlinux pt-gardener-nvgpu-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
gardenlinux metal-cilium-k3s-osc-ucode-vhost-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
gardenlinux metal-cilium-k3s-osc-ucode-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
gardenlinux metal-cilium-k3s-osc-router-ucode-1862.0-6be879c6 tar 1.35+dfsg-3.1 true
debian_linux 14 tar 1.35+dfsg-4 true